We previously issued a briefing on the Court of Justice of the European Union’s (CJEU) ruling that declared all transfers of personal data from the EU to the United States under the U.S.-EU Safe Harbor Framework, including those conducted by vendors or suppliers, immediately invalid.  On 14 October 2015, we presented a webinar on this topic, including a practical discussion of the impact and potential solutions.  Moving forward, companies should evaluate the following frequently asked questions to help mitigate the potential risk of exposure when transferring data internationally.

Overview questions

  • I’m Safe Harbor certified and have seen news articles reporting that “Safe Harbor is invalid”. What does that mean?
  • When does the court’s decision come into effect?

Safe Harbor self-certified organisations

  • Do I need to stop all international data transfers?
  • I still need to transfer data from the EU to the United States; what should I do?
  • Has any official guidance been released regarding the implications of the court’s decision?

What are our next steps?

  • Do you know what data you collect?
  • Do you know what data you send to the United States?
  • Do you know what services your suppliers/vendors supply?
  • What do I do if I receive something from my supplier asking me to sign?
  • I need more advice; what are Model Clauses, Binding Corporate Rules etc.?!

Organisations that are not Safe Harbor certified

  • My business is not Safe Harbor certified – does that mean I can ignore this ruling?
  • Can I still transfer data to suppliers that are Safe Harbor certified?
  • Are any guidance notes available?

Click here to read our answers to the above questions in our issued Client Alert.